So thats why whenever I try to find a package in apt, I have to iterate through thousands of simiparly named
librust-{dictionaryword}-{component}-devpackages in order to find the simplecomponentI want… Apt repos have really been trying too hard for granularity, I’m pretty sure there are more librust áckages than actual end-user program packages.Still gonna use Debian.
Yeah, it’s pretty good. But now that I’ve started studying, and don’t have time for learning it (I’ve literally made a personal wiki with various documentation for myself), so I am thinking to switching to atomic distro instead (maybe KDE Linux).
Is it just me, or does that seem … abrupt?
The timeline is not super abrupt, especially for architectures where all he is asking is to ensure that your Rust toolchain is in order. That is especially true when you consider that Rust is already well maintained on all the Debian architectures that people actually use.
The abruptness (almost rudeness) is in the second part where he basically says that, if you cannot get Rust going in time, you should just stop releasing Debian for that architecture.
It is mostly just poorly worded though. Because none of these architectures have “official” support even now. This will not be the only way they are behind. So, there is not reason to be so dramatic.
And that would be my response to him. Another option here is that these alternative architectures just continue to ship an older version of APT for now. Emergency avoided. Few of them ship with up-to-date versions of APT even now.
Another solution is to use one of the multiple projects that is working to make Rust code build with the GCC compiler back-end. At least one of these projects has already announced that they want to work with these Debian variants to ensure that APT builds with them.
So, the 6 month timeline is a reasonable impetus to make that happen which would be quite a good thing beyond just APT.
There are many other useful tools written in Rust you are going to want to use on these architectures. It will be a fantastic outcome if this pressure from APT kickstarts that happening for some of these long abandoned architectures (by the mainstream at least).
For package maintainers, it’s reasonable to expect security updates are rolled out the same week that a vulnerability is found. If you can’t deploy a new version of a package in 6 months, not maintaining the package is also a valid option.
There’s time until March for the maintainers of the 3 niche architectures to organize and make rust available for them. Doesn’t sound that abrupt to me
Wasn’t there a Rust-to-C compiler that would circumvent this limitation?
Yes. There is also a GCC front-end for Rust (does not go to C first).
For small niches, six months can be rather aprupt.
My niche can take 5 days or 5 months, depending on ADHD
Rust adds another layer of trusting the compiler isn’t backdoored. All UNIX/Linux systems use the gcc toolchain, so having it written in C would mean less dependencies for the OS.
- paraphrased from someone who seemed to know more about this stuff in this unrelated discussion yesterday
Strange times.
This seems relevant:
how many compiler back doors have we seen versus use-after-free/stack overflow attacks?
The anti-Rust crowd baffles me. Maybe C++ has rotted their brain to the point they can’t “get” the borrow checker.
My only complaint is that its syntax is an ugly mishmash. Should have copied scala or f#
More like Rust has rotted someone’s brain. “Hey, I can’t code safely, so I will use this new toy that is supposed to make me”. This line of thought is OK as long as it does not get imposed on anything I do as a programmer
The industry cannot code safely. There are many reports, studies, and corporate disclosures highlighting that memory related bugs are the primary source of critical security issues in C and C++ code. That is why even NIH companies like Google and Microsoft are adopting Rust in their core products.
That you want to publicly ignore all that evidence to paint it as an individual skill issue does not come across as competent or intelligent. Few of us are going to assume your code is free of these kinds of bugs.
The fact that your have to say it so dismissively makes me think that you know it too.
Things are much simpler:
-
Want a bug free code - do bug free code. Spend time carefully evaluating every line and interaction
-
Want third-party code and safety - examine that code in the same way
-
Whatever you do, assume there is a bug in any software you use, so plan and organize accordingly
-
No amount of magic pills can substitute the above. So yeah, it is a skill issue. Also an issue of kids wining that there are bugs and they don’t feel safe, so they want to cling to magic pills instead of dealing with the reality
-
how many compiler back doors have we seen versus use-after-free/stack overflow attacks?
Who cares? Why do you ask?
The anti-Rust crowd baffles me. Maybe C++ has rotted their brain to the point they can’t “get” the borrow checker.
I can’t code, so C++ doesn’t have much space in my brain, but Rust still seems a lot more sus to me than C.
You care, you are the one that brought it up as an issue with rust.
I ask as a rhetorical question to shed light on the fact that compiler back doors are a vanishingly small fraction of total security exploits, while the memory bugs that rust specifically addresses make up the vast majority.
You care
About random numbers? Not really
you are the one that brought it up as an issue with rust.
Are you referring to where I said “I want to know some random numbers Rust isn’t giving me, and that’s a problem with Rust?”
Because that was in your imagination.
Or are you referring to where I said “Rust wants to know some random numbers it isn’t giving itself?”
Because that was also in your imagination.
In reality, I brought up that I’ve heard Rust adds another layer of trusting the compiler isn’t backdoored.
While you’re spouting nonsense, this is happening:
https://www.infoq.com/news/2025/11/redis-vulnerability-redishell/
The vulnerability exploits a 13-year-old UAF memory corruption bug in Redis, allowing a post-auth attacker to send a crafted Lua script to escape the default Lua sandbox and execute arbitrary native code. This grants full host access, enabling data theft, wiping, encryption, resource hijacking, and lateral movement within cloud environments.
13 years. That’s how long it took to find a critical safety vulnerability in one of the most popular C open source codebases, Redis. This is software that was expertly written by some of the best engineers in the world and yet, mistakes can still happen! It’s just that in C a “mistake” can often mean a memory-safety bug that would put user data at risk (…) That’s the nature of memory-safety bugs in C: they can hide in plain sight.
While you’re spouting nonsense
I’m the guy you were replying to here. I’m not spouting any nonsense in this thread. Did you reply to the wrong person, or is this a false accusation?
this is happening:
https://www.infoq.com/news/2025/11/redis-vulnerability-redishell/
The vulnerability exploits a 13-year-old UAF memory corruption bug in Redis, allowing a post-auth attacker to send a crafted Lua script to escape the default Lua sandbox and execute arbitrary native code. This grants full host access, enabling data theft, wiping, encryption, resource hijacking, and lateral movement within cloud environments.
13 years. That’s how long it took to find a critical safety vulnerability in one of the most popular C open source codebases, Redis. This is software that was expertly written by some of the best engineers in the world and yet, mistakes can still happen! It’s just that in C a “mistake” can often mean a memory-safety bug that would put user data at risk (…) That’s the nature of memory-safety bugs in C: they can hide in plain sight.
Why did you make me read these paragraphs without explaining how they connect to the context? Let me guess: they don’t connect to the context, you’re just designing your replies to mislead people dumb enough to be vulnerable to your manipulation tactics? With no consideration for me whose time/energy you’re wasting, much less them who you’re confusing?
yes very, and I hate it. rustic metal is never good ffs!
oh man, and here I was about to finish migration to Debian.
Are you migrating to Debian on a niche CPU architecture? If not, this doesn’t affect you.
currently running on a P2 333mhz. I guess it’s pretty common though.
Didn’t Debian drop i386? Are you running Debian Bookworm?
bookworm? that’s a stretch…😉
That joke’s so funny, it’s making me a bit wheezy…
This shoehorning of Rust feels more artificial than Wayland’s. 🤔
I’m pretty certain I know how you feel about systemd, too.
You can think yhat Wayland adoption was artificial, bit X.Org is unmaintained software and no developers are picking up reigns of X11. X is dead.
Some devs with stong opinions have forked X11:
Yeah but his patches are so bad they almost all needed reverting so…
Ah those bigots who hide behind “everybody is welcome”. DEI a discriminatory policy my ass…
Exactly
Uhm, what?
Wayland has been in the works for more than a decade. Granted, there’s some people having issues with it, with propietary hardware (nVidia) and not-so-common setups like two monitors, but it happens that they are the most noisy. For the rest of us it’s been great, stable, and feels snappier than X.
If you want to talk about shoehorning stuff into Debian, talk about systemd.
not-so-common setups like two monitors
wat.jpg
I assume “weird two-monitors setups” that are not so common, not two-monitor setups as a whole, as Wayland works perfectly with two monitors. It even works way better than X11 if your monitors are different, like if only one has VRR or if both monitors need different scaling.
Maybe cause Apt is slow?
edit: maybe i have a placebo effect or i am miss remembering :PApt feels like one of the faster package managers. dnf is slow, yum is snail speed, zypper is slow as fuck too. Apt and Pacman is by far on the faster side
Dnf5 is absolutely not slow.
Moreover, apt’s output is God awful. How hard is it to put each package on its own line when doing an upgrade? Its commands are also esoteric (Madison?)?
It works and I like Debian but apt is very Meh.
I have strong doubts that rust could significantly speed up a software that’s written in C or C++.
Rust is generally not going to outperform well optimized C code.
That said, it is far easier to write performant Rust code than C code. So, what we see, is that projects that move to Rust frequently see performance gains.
That just means the initial C code was not that great (performance wise). From observation, most C projects are fairly unoptimized.
